Search Results (19764 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41272 1 Sap 1 Netweaver Process Integration 2025-04-21 9.9 Critical
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application.
CVE-2024-50713 1 Smarts-srl 1 Smart Agent 2025-04-21 9.8 Critical
SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php.
CVE-2024-50716 1 Smarts-srl 1 Smart Agent 2025-04-21 9.8 Critical
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component.
CVE-2022-46127 1 Helmet Store Showroom Site Project 1 Helmet Store Showroom Site 2025-04-21 7.2 High
Helmet Store Showroom Site v1.0 is vulnerable to SQL Injection via /hss/classes/Master.php?f=delete_product.
CVE-2021-31650 1 Online Grading System Project 1 Online Grading System 2025-04-21 9.8 Critical
A SQL injection vulnerability in Sourcecodester Online Grading System 1.0 allows remote attackers to execute arbitrary SQL commands via the uname parameter.
CVE-2022-24281 1 Siemens 1 Sinec Network Management System 2025-04-21 7.2 High
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.
CVE-2017-16510 1 Wordpress 1 Wordpress 2025-04-20 N/A
WordPress before 4.8.3 is affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi) in plugins and themes, as demonstrated by a "double prepare" approach, a different vulnerability than CVE-2017-14723.
CVE-2016-8027 1 Mcafee 1 Epolicy Orchestrator 2025-04-20 N/A
SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post.
CVE-2016-7803 1 Cybozu 1 Garoon 2025-04-20 N/A
SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function.
CVE-2016-7784 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
CVE-2017-6098 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
CVE-2016-7783 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2016-7782 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter.
CVE-2016-1218 1 Cybozu 1 Garoon 2025-04-20 N/A
SQL injection vulnerability in Cybozu Garoon before 4.2.2.
CVE-2016-10134 1 Zabbix 1 Zabbix 2025-04-20 N/A
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
CVE-2017-6097 1 Mail-masta Project 1 Mail-masta 2025-04-20 N/A
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
CVE-2016-10509 1 Opencart 1 Opencart 2025-04-20 N/A
SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) parameter to openbay.php.
CVE-2015-9234 1 Cfpaypal 1 Cp Contact Form With Paypal 2025-04-20 N/A
The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php.
CVE-2017-14703 1 Cashbackcomparisonscript 1 Cash Back Comparison 2025-04-20 N/A
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.
CVE-2017-15972 1 Softdatepro 1 Dating Software 2025-04-20 N/A
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.